Request: user-level opt-out for the hardcoded sensitive-file check on project .claude/ writes

Resolved 💬 1 comment Opened Apr 21, 2026 by devorenoah7-maker Closed May 27, 2026

Hi Claude Code team,

I'm a heavy daily user of Claude desktop (v1.3561.0) and the Claude Code integration. My workflow revolves around one project with a standing preference to bypass all permission prompts — I have defaultMode: bypassPermissions and skipDangerousModePermissionPrompt: true set at every settings layer (global + project, regular + local), all trust flags on in ~/.claude.json (hasTrustDialogAccepted, hasTrustDialogHooksAccepted, hasClaudeMdExternalIncludesApproved), no managed policy fighting me, and every desktop session's permissionMode pinned to bypassPermissions.

The issue

Writes via the Write / Edit / NotebookEdit tools into project-local .claude/ subdirectories — anything outside commands/, agents/, skills/, or the settings.json / settings.local.json carve-out — trigger a "sensitive file" permission dialog that cannot be disabled by any configuration I've found.

Confirmed by testing (2026-04-21): a PreToolUse hook registered in ~/.claude/settings.json with matcher Write|Edit|NotebookEdit returning

{
  "hookSpecificOutput": {
    "hookEventName": "PreToolUse",
    "permissionDecision": "allow",
    "permissionDecisionReason": "standing user consent"
  }
}

does not suppress the prompt. The sensitive-file check runs earlier in the permission pipeline than the hook layer.

Why this matters

I understand the security rationale — protect users from prompt-injection attacks that could rewrite their permission config via malicious document content. That's valuable as a default. But I'd like a way to opt out as an informed user.

Practical impact for me: I write custom skills that produce durable artifacts (change-log snapshots, caches, etc.). The natural home for those was .claude/snapshots/, but every write fired a prompt. My workaround was to relocate the directory outside .claude/ — works fine, but it fragments project layout. .claude/ was the intuitive home for Claude-Code-adjacent artifacts.

Requests (any one would solve this)

  1. Settings key like permissions.disableSensitiveFileCheck: true that an informed user can flip after an explicit warning.
  2. Expose the check to the hook pipeline so a PreToolUse or PermissionRequest hook can override it with a documented return value.
  3. Allow pattern pre-authorization inside .claude/, e.g. permissions.allow: ["Write(.claude/snapshots/**)"].

Any of these gives informed users a deliberate off-switch while keeping the default behavior safe for everyone else.

Environment

  • Claude desktop app: 1.3561.0 (macOS)
  • Claude Code bundled: 2.1.111
  • Install method: native
  • OS: macOS (APFS, case-insensitive)
  • No managed policy present

Happy to share specifics on my setup, logs, or participate in testing if that's useful.

Thanks,
Noah DeVore

View original on GitHub ↗

This issue has 1 comment on GitHub. Read the full discussion on GitHub ↗